mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-23 22:01:54 -06:00
0cc56a71a5
Every workflow is being executed twice for dependabot: Once when its
branch is pushed to this repository and again when a PR is opened for
it.
For example, see the checks in #5979 ("29 checks passed").
This happens because both `on.push` and `on.pull_request` are specified
in the workflow files.
There does not seem to be a simple and generic way to avoid such
duplicated runs directly in GitHub Actions (such as preventing the same
check from running for the same exact commit)[1], so just ignore the
dependabot branches on push for now.
See also and commit 5871b08a4 ("ci: run for every branch instead of just
master", 2023-04-23) / PR #5815.
[1] https://github.com/orgs/community/discussions/26276
57 lines
1.4 KiB
YAML
57 lines
1.4 KiB
YAML
# Lints and checks for potential issues in Python files.
|
|
|
|
name: Check-Python
|
|
|
|
on:
|
|
push:
|
|
branches-ignore:
|
|
- 'dependabot/**'
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
pull_request:
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
schedule:
|
|
- cron: '0 7 * * 2'
|
|
|
|
permissions: # added using https://github.com/step-security/secure-workflows
|
|
contents: read
|
|
|
|
jobs:
|
|
codeql-python:
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
api.github.com:443
|
|
files.pythonhosted.org:443
|
|
github.com:443
|
|
objects.githubusercontent.com:443
|
|
pypi.org:443
|
|
uploads.github.com:443
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
|
|
|
|
- name: print env
|
|
run: ./ci/printenv.sh
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8
|
|
with:
|
|
languages: python
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8
|